问题描述
我试图在整个互联网上寻找,但看不到如何实现我被要求的目标.这是我的企业应用程序,它使用 Asp.net Identity 进行基于表单的身份验证.我已经扩展了用户和角色以及组以在我的代码中提供授权.(注意:不使用任何组/角色指令).
I tried to look for all over internet but couldn't see how I can achieve what I was asked to. Here is my enterprise app which uses Asp.net Identity for form based authentication. I had extended User and Role along with Groups to provide authorization in my code. (note: not using any group/role directives).
现在我被要求研究更改代码以适应 Azure Active Directory 身份验证的可能性.我尝试阅读如何注册应用程序、将用户发送到 Azure 站点进行身份验证、取回令牌等.但是我被困在之后怎么办?"我已通过身份验证的用户如何使用我现有的 Asp.net Identity 模型,其中用户存储在 sql 数据库中.如何使用此令牌关联现有用户.
Now I was asked to look at possibility of changing code to accommodate Azure Active Directory authentication. I tried reading on how you can register app, send user to Azure site for authentication, get back token etc. However I'm stuck at 'what-afterwards?' I have authenticated user How can I use my existing Asp.net Identity model where user was stored in sql database. How to use this token to relate the existing user.
此外,当我将项目更改为允许 Azure AD 时,它会删除 Aspnet.Identity 包,因为它与 Azure AD 不兼容!!
Moreover, when I change my project to allow Azure AD, it removes Aspnet.Identity package as its not compatible with Azure AD !!
我什至尝试手动将两个包并排放置,我必须指出用户被发送到 Azure 上进行身份验证的位置,然后转回主页并再次以永无止境的循环登录 Azure AD.
I even tried manually keeping both packages side by side, I got to point where user is sent to authenticate on Azure, diverted back to home page and again to login on Azure AD in never ending loop.
总结问题,我如何从 AAD 验证用户并继续使用现有的角色和组授权.
to summarize the question, How can I authenticate user from AAD and keep using existing Roles and groups authorization.
我尝试创建单独的 Web 服务来验证用户并发送 JWT 令牌.如果我直接在浏览器上调用它可以找到,但是,当我尝试从我的网络应用程序调用此服务时,我得到了奇怪的错误
I tried creating separate web service which will authenticate user and send JWT token. which works find if I call it directly on browser, however, when I tried to call this service from my web app I get weird error
Application with identifier 'a2d2---------------' was not found in the directory azurewebsites.net
这里的奇怪部分是目录名称是azurewebsites.net",而不是我使用的默认目录.
Weird part here is name of directory is 'azurewebsites.net' and not the default directory I'm using.
更新这是引发错误的代码
public async Task<ActionResult> Login(string returnUrl)
{
try
{
// get the access token
AuthenticationContext authContext = new AuthenticationContext(authority, new TokenCache());
var clientCredential = new ClientCredential(clientId, password);
//Error on below line
AuthenticationResult result = await authContext.AcquireTokenAsync(resourceId, clientCredential);
// give it to the server to get a JWT
HttpClient httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
......
推荐答案
试试这个:
var client = new RestClient("https://login.microsoftonline.com/{tenant-
Id}/oauth2/v2.0/token");
var request = new RestRequest(Method.POST);
request.AddHeader("cache-control", "no-cache");
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddHeader("grant_type", "password");
request.AddParameter("application/x-www-form-urlencoded",
"grant_type=password&client_id={client-Id}&client_secret={client-
secret}&scope={scopeurl}&userName={username}&password={password}",
ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
var json = response.Content;
var JSONObject = JObject.Parse(json);
var token = (string)JSONObject["access_token"];
这篇关于使用 asp.net Identity 进行 Azure AD 身份验证以进行授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!